So while doing some study prep on Windows 10 topics, I came across a section outline the workings of User Account Control or UAC. I know exhilarating stuff! Now this may or may not be common knowledge and if I am just repeating myself on content everyone already knows I apologise.
I know most of you will recognize those 3 letters, “UAC” and get that shivers, but for those who don’t know what I’m talking about see the screenshot below.
Have you ever wondered why the background dim’s when prompting for credentials or maybe on other machines it doesn’t dim?
Up until know, UAC for me personally has always been annoying. When users see this setting most will completely not understand what the slider is doing and see “lot’s of security – Always Notify” or “No annoying prompts – Never Notify me when”.
Some common problems I have seen based on this behavior ranges from problems where users have a prompt for every single action they complete on the computer, to no prompts for anything, but again can’t do anything because there using a standard user account and Windows does not have a way to communicate to the user it needs elevated privilege. This can sometimes be a black hole for some inexperienced tech’s not looking or even considering UAC.
So the basics with this are…
There are 4 levels of UAC, Never notify me when, Notify me only when applications try to make changes, Notify me only when applications try to make changes to my computer and Always notify:
- Never notify me when.. In this setting, UAC is disabled. Users signing in with a standard account cannot perform administrative tasks because there is no means of prompting for credentials to perform those tasks. In a normal situation where a user would be prompted for administrative credentials this would not show, and for a tech to see this symptom they would not even consider UAC as a troubleshooting step to check the level. This has the potential to waste a lot of time.
- Notify me only when applications try to make changes.. In this setting, users are prompted, but Windows does not switch to Secure Desktop while awaiting user consent. This is the less secure way. Did you know: In this mode, you will notice that the background does not dim, this is to let the user know that they are not running in Secure Desktop mode.
- Notify Me only when applications try to make changes to my computer.. In this setting, users are prompted, and Windows switched to Secure Desktop while awaiting user consent. This is more secure and default. Did you know: In this mode, Secure Desktop is enabled and will dim the background.
- Always Notify.. This is the most secure but most intrusive setting. Users are prompted not only for application installation but also any time they make Windows setting changes.
So at the end of the day, these settings are very dependent on your environment. It greatly differs between an enterprise environment to a home user setup. But know when this does prompt, the various setting are enabled for higher security to enable a safer environment for your user account.
Know consider this scenario. How would you approach it?
Question: One of the remote users, Luke, users a Bluetooth headset device when working from his home office. He is frustrated that each time he tries to pair the headset, UAC requires him to call the help desk to allow the pairing to complete. How can you help him while ensuring that Luke operates with the least privilege?
Answer: You need to review the UAC settings on Luke’s computer. The default UAC setting enables a standard user to pair Bluetooth devices with the computer without receiving a UAC prompt. You suspect that the UAC has been set at the most restrictive level; it needs to be set to the default, Notify Me only when apps try to make changes to my computer (Default) setting.